Interested to Buy Any Domain ? << Click Here >> for more details...
IS auditors are MOST likely to perform compliance tests of
internal controls if, after their initial evaluation of the
controls, they conclude that:
A. a substantive test would be too costly.
B. the control environment is poor.
C. inherent risk is low.
D. control risks are within the acceptable limits.
- 2 Answers
- 8992 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: D
IS auditors perform tests of controls (compliance testing)
to assess whether control risks are within acceptable
limits. The results of the compliance testing would
influence the IS auditor's decisions as to the extent of
tests of balance (substantive testing). If compliance
testing confirms that the control risks are within an
acceptable level, then the extent of substantive testing
would be reduced. During the testing phase of an audit, an
IS auditor does not know whether the controls identified
operate effectively. Tests of controls, therefore, evaluate
whether specific, material controls are, in fact reliable.
Performing test of controls may conclude that the control
environment is poor, but it is not the objective of
compliance testing. Inherent risks cannot be determined by
performing a test of controls.
| Is This Answer Correct ? | 6 Yes | 3 No |
Answer / guest
D. control risks are within the acceptable limits.
| Is This Answer Correct ? | 3 Yes | 1 No |
If a database is restored using before-image dumps, where should the process be restarted following an interruption? A. Before the last transaction B. After the last transaction C. The first transaction after the latest checkpoint D. The last transaction before the latest checkpoint
Which of the following group/individuals should assume overall direction and responsibility for costs and timetables of system development projects? A. User management B. Project steering committee C. Senior management D. Systems development management
Digital signatures require the: A. signer to have a public key and the receiver to have a private key. B. signer to have a private key and the receiver to have a public key. C. signer and receiver to have a public key. D. signer and receiver to have a private key.
Antivirus software should be used as a: A. detective control. B. preventive control. C. corrective control. D. compensating control.
An IS auditor is reviewing the database administration function to ascertain whether adequate provision has been made for controlling data. The IS auditor should determine that the: A. function reports to data processing operations. B. responsibilities of the function are well defined. C. database administrator is a competent systems programmer. D. audit software has the capability of efficiently accessing the database.
An IS auditor performing an application maintenance audit would review the log of program changes for the: A. authorization for program changes. B. creation date of a current object module. C. number of program changes actually made. D. creation date of a current source program.
The rate of change of technology increases the importance of: A. outsourcing the IS function. B. implementing and enforcing good processes. C. hiring personnel willing to make a career within the organization. D. meeting user requirements.
During a review of a business continuity plan, an IS auditor noticed that the point at which a situation is declared to be a crisis has not been defined. The MAJOR risk associated with this is that: A. assessment of the situation may be delayed. B. execution of the disaster recovery plan could be impacted. C. notification of the teams might not occur. D. potential crisis recognition might be delayed.
During the review of a biometrics system operation, the IS auditor should FIRST review the stage of: A. enrollment. B. identification. C. verification. D. storage.
Confidential data residing on a PC is BEST protected by: A. a password. B. file encryption. C. removable diskettes. D. a key operated power source.
Which of the following would be a compensating control to mitigate risks resulting from an inadequate segregation of duties? A. Sequence check B. Check digit C. Source documentation retention D. Batch control reconciliations
The FIRST task an IS auditor should complete when performing an audit in an unfamiliar area is to: A. design the audit programs for each system or function involved. B. develop a set of compliance tests and substantive tests. C. gather background information pertinent to the new audit. D. assign human and economical resources.
Cisco Certifications 
